Search

Google Account Security: Emerging Threats

09 December 2025

Experts at Google warn that "account protection" is becoming increasingly challenging as hackers intensify their efforts to steal passwords, multi-factor authentication tokens, and cookies.

According to Forbes, losing access to a Google account could allow hackers to access all other accounts not associated with Google.

The company explains that a compromised Google account can give attackers access to various services, especially if the user synchronizes their Chrome browser across devices. Chrome stores a significant amount of data in the user's cloud account: bookmarks, history, open tabs, passwords, addresses, phone numbers, and payment information, including that linked to Google Pay. If successfully hacked, this data could be exposed to malicious actors.

Google reminds users that they can disable Chrome synchronization or configure it for different types of data. Users can opt out of synchronizing passwords or payment information, which enhances security at the cost of convenience since such data won't be stored in the cloud.

There’s another concern. As noted by the publication, Google’s password manager is essentially just a password manager for Chrome, and security experts caution against storing passwords in browsers. This is due to the fact that one password can unlock your accounts, exposing your passwords to browser attacks that frequently occur.

Currently, experts also recommend that users add a passkey and employ multi-factor authentication, moving away from less secure methods like SMS. The U.S. Cybersecurity Agency has advised Google account holders to "disable other, less secure forms of multi-factor authentication" and to "check existing passwords to ensure they are long, unique, and random."

Additionally, Google advises users to review their Chrome sync settings and reset them if necessary to remove outdated data from the cloud storage.

As previously reported, Google recently updated its password manager in Chrome. The browser now has a feature that automatically changes weak or compromised passwords. This new functionality streamlines the process: when the browser detects a vulnerable password, it suggests replacing it and generates a strong alternative on supported sites, implementing the changes automatically.